<h2>The Role</h2>
<p>The <strong>Senior Software Engineer (Rust) - Proxy Services</strong> will own the conversion of Securly's web filtering proxy business logic from C++ to production Rust — maintaining behavioral parity across a high-throughput proxy that handles HTTP/HTTPS traffic for millions of students daily.</p>
<p>A modern, memory-safe Rust proxy is already underway at Securly. When you join, the initial Rust proxy is in production and your mission is the next phase: integrating and converting the existing C++ business logic into production Rust. This means reading C++, reasoning about behavior, and re-implementing it correctly — including HTTPS tunneling, TLS interception, JavaScript injection into HTML responses (the ACP-48 shim pattern), and Redis-based policy lookups. Precision and behavioral correctness are non-negotiable.</p>
<p>At L5, you are not just a skilled implementer. You own the conversion strategy, define the phasing and testing approach, surface architectural risks to the L6 lead, and raise the Rust competency of the broader proxy team.</p>
<div class="meta-item"><hr>Level: <strong>L5</strong><br>Experience: <strong>8–15 Years</strong><br>Location: <strong>Pune, India</strong><br>Work Type: <strong>Hybrid (2 days onsite)</strong><br>Reports To: <strong>Filter Engineering Manager</strong></div>
<hr>
<h2>What You'll Do</h2>
<ul>
<li>Own the C++ to Rust conversion strategy: define the porting sequence, identify behavioral risks, and establish the testing approach that gives confidence in parity before cutover.</li>
<li>Read, debug, and deeply understand existing C++ proxy business logic, then port it to production Rust with full behavioral parity.</li>
<li>Build and maintain forward proxy operations: HTTPS CONNECT tunneling, TLS interception, HTTP/1.1 and HTTP/2, header manipulation, connection pooling.</li>
<li>Implement JavaScript content script injection into HTML responses (ACP-48 shim pattern) — enabling proxy-side injection for customers not served by the Chrome extension.</li>
<li>Integrate Redis-based real-time policy lookups; handle Redis failure modes gracefully; document degraded-mode behavior and validate it under load.</li>
<li>Profile and benchmark proxy performance under high-concurrency load; use flame graphs to validate changes; maintain a written performance baseline document.</li>
<li>Identify gaps in the existing C++ codebase where behavior is unclear or likely incorrect — treating the port as an opportunity to improve, not just replicate.</li>
<li>Mentor junior Rust engineers on ownership models, async patterns, and systems-level debugging.</li>
<li>Collaborate closely with the Proxy Hardening engineer on shared infrastructure and production issues.</li>
</ul>
<hr>
<h2>Skills & Requirements</h2>
<div class="skill-section must"><hr>
<h3>Must-Have</h3>
<ul>
<li>Rust — deep production expertise: ownership, lifetimes, async/await (Tokio), high-concurrency networking, unsafe code awareness. 4+ years at production level. Must build on day one.</li>
<li>C++ — ability to read, navigate, debug, and reason about a large legacy C++ codebase. Confident C++ reading is non-negotiable.</li>
<li>HTTP proxy architecture — forward proxy operation, HTTPS CONNECT tunneling, TLS interception (MITM), HTTP/1.1 and HTTP/2, header manipulation, connection pooling.</li>
<li>Redis — data structures, performance characteristics, and failure mode handling in a proxy hot-path.</li>
<li>Conversion / porting methodology — demonstrated ability to define a phased porting strategy: behavioral decomposition, parity testing, risk-ranked sequencing. L5 owns the plan, not just the execution.</li>
</ul>
</div>
<div class="skill-section pref"><hr>
<h3>Strongly Preferred</h3>
<ul>
<li>JavaScript / browser content scripts — injecting content scripts into HTML responses, navigating CSP, CORS, and Same-Origin Policy.</li>
<li>AWS (CloudFormation, NLB, ASG, EC2) — proxy infrastructure is CloudFormation-managed.</li>
<li>Performance profiling / load testing — flame graphs, benchmarking tools, high-concurrency load testing.</li>
</ul>
</div>
<div class="skill-section nice"><hr>
<h3>Nice to Have</h3>
<ul>
<li>Web filtering / content inspection domain experience — URL categorization, security product internals, CIPA compliance.</li>
<li>Docker / containerization — relevant to on-premise proxy appliance work as a secondary project.</li>
</ul>
</div>
<hr>
<h2>Who You Are</h2>
<ul>
<li>You are the engineer who reads crash dumps for fun. Memory safety, ownership models, and undefined behavior are topics you have strong opinions about.</li>
<li>You have ported or rewritten production systems before and understand that behavioral parity is significantly harder than it appears.</li>
<li>You can navigate a large legacy C++ codebase without documentation. You treat it as archaeology, not an obstacle.</li>
<li>You take correctness seriously — you do not ship a port until you are confident it behaves identically to what it replaced, and you have the test coverage to prove it.</li>
<li>You define the plan, not just execute it. You produce written conversion strategies, risk registers, and performance baseline documents.</li>
<li>You make other engineers better. You are sought out for Rust code reviews and junior engineers ship better code after working with you.</li>
</ul>
<hr>
<h2>What It Means to Be L5 at Securly</h2>
<p>L5 at Securly is a Staff Engineer. You are the technical owner, not just an implementer.</p>
<ul>
<li>Drive technical direction for your initiative end-to-end: from architecture to production, with minimal oversight from your engineering manager.</li>
<li>Identify and resolve ambiguity in requirements, system boundaries, and design tradeoffs without waiting for a fully-formed spec.</li>
<li>Mentor L3/L4 engineers on the team: code reviews, design feedback, pairing, and raising the bar for what production-quality work looks like.</li>
<li>Partner with your L6 technical lead and the Distinguished Engineer on architectural decisions, surfacing tradeoffs clearly rather than deferring them upward.</li>
<li>Contribute to cross-team engineering standards: you are expected to influence practices beyond your immediate squad.</li>
<li>Translate technical context into clear written artifacts that non-engineers (PM, Support, Leadership) can act on.</li>
<li>Participate in on-call rotation and own the full incident lifecycle for your system: detection, diagnosis, resolution, and retrospective.</li>
</ul>
<hr>
<h2>About Securly</h2>
<div class="about">
<p>Securly processes over 1.1 billion requests per day and 54 TB of data daily, protecting more than 20 million students across 20,000+ schools globally. Since pioneering the first cloud-based web filter for K-12 in 2013, Securly has built one of the most trusted, high-scale platforms for student safety, wellness, and engagement. By turning data into meaningful, actionable intelligence, Securly enables schools to identify risk earlier, reduce harmful incidents, and strengthen student support.</p>
<p>We are proud to be consistently recognized as a Top Place to Work, named a Top 40 Most Used EdTech platform, and included on the GSV 150 list as one of the most transformational growth companies in digital learning and workforce skills.</p>
</div>
<hr>
<h2>Benefits</h2>
<div class="benefits">
<ul>
<li>Comprehensive Health Insurance (employee, parents, spouse, children)</li>
<li>Accidental & Term Life Insurance</li>
<li>Learning & Development reimbursement</li>
<li>Paid Time Off</li>
<li>Public Holidays (10+ per year)</li>
<li>Retirement Benefits (EPF & gratuity)</li>
<li>Parental Leave (as per statutory norms)</li>
</ul>
</div>
<div class="eeo"><hr><strong>Equal Opportunity Employer</strong><br>Securly is an Equal Opportunity Employer committed to inclusion, fairness, and respect. We welcome applicants from all backgrounds, identities, and experiences.</div>